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DETAILED ACTION 



1 . Claims 1-23 have been examined. 



Claim Rejections - 35 USC §112 



The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 



3. Claim 8 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite 

for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claim 1 recites the limitation "receiving 
information associated with the current transaction*. It is not only vague but 
also ambiguous. The disclosure is not supporting this limitation since It could 
be interpreted in various ways. For instance the client could be the one which is 
receiving the information or the transaction engine could be the one which is 
receiving the information. The disclosure is silent about this feature. In order to 
overcome this ambiguity the applicant in claim 8 should indicate which entity is 
the one which sends the information or which entity is the one which receive the 
information. 

• Claim 8 also recites the limitation, "generating features for a first set of 
keys associated with the current transaction", this limitation is not clearly 
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described in the disclosure because according to the disclosure this generating 
features could be done either at the server side or in the transactional 
information sources. In order to overcome this ambiguity the applicant in claim 
8 should indicate which entity is the one which generates a first set of keys. 

• Claim 8 also recites the "comparing " and "comparing " features, 

the "determining...'' and "determining...'' features and "encrypting..." and 
"encrypting..." features. The claim did not specify where each of these steps are 
done. Even though, it is not disclosed in the disclosure whether or not those 
limitations/ steps are done in either at the server or at the client, they have be 
done either at the client or at the server. In order to overcome this ambiguity the 
applicant in claim 8 should indicate in which entity each of these steps takes 
place. 

4. Claims 9-16 depend from the rejected claim 8 respectively, and include all the 
limitations of the respective claims, thereby rendering those dependent claims 
indefinite 

5. Claim 17 is rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. The limitation in claim 17 recites the features 
requiring the steps which could be performed in different entity from what is described 
in the disclosure. This is not only ambiguous but one of ordinary person skilled in the 
art would not have sufficient information to have a clear interpretation presented in the 
claim language in view of the specification. Therefore, claim 17 is required to be 
rewritten in such a way that the limitation is fully supported in the disclosure. 

For the sake of examination Claim ft a«H rl^m 1 7 are interpreted in view of the 
embodiment shown /presented in figure 2-4 bv the applicant. 
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6. Claims 18-22 depend from the rejected claim 17 respectively, and include all 

the limitations of the respective claims, thereby rendering those dependent 
claims indefinite 



7. Claim 2 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. Claim 2 recites the term "substantially". Since it is a relative 
term, It does not have a clear and well defined meaning. It has to be either be 
removed/ replaced to avoid ambiguity. 

8. Claims 3-5 depend from the rejected claim 2 respectively, and include all the 
limitations of the respective claims, thereby rendering those dependent claims indefinite 

Claim Objections 

9. The numbering of claims is not in accordance with 37 CFR 1 . 126 which requires the 
original numbering of the claims to be preserved throughout the prosecution. When claims are 
canceled, the remaining claims must not be renumbered. When new claims are presented, 
they must be numbered consecutively beginning with the number next following the highest 
numbered claims previously presented (whether entered or not). 

There are two different claims designated to be claim number 22, and the second claim 
22, should be renumbered to claim 23 and likewise claim 23 should be renumbered to be claim 
24. 

Appropriate correction is required. 

Claim Rejections - 35 USC §102 
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10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or 
in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States . 

1 1 . CJfti«>« 1 T 6-8. 17-19 and 2Q-23 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Shambroom (hereinafter refereed as Shambroom) (U.S. Patent No. 
5,923756) (Provided by the applicant and included in the applicant IDS 

12. As per claim 1 Shambroom discloses a computing system (figure 1) for processing a 
transaction [Column 7, lines 53-55] ("encrypt future transactions"), the computing system (See 
figure 1) comprising: 

A server system, [Figure 1, ref. Num "300" and figure 3, ref. Num "305"] the server 
system being arranged to process information associated with the transaction[Column 7, lines 
53-55] (the server 300 continues to use the session key to encrypt future transactions"); and 

A client system(figure 1, ref. Num "200" and figure 3, ref. Num "205"], the client system 
being in communication with the server system[See figure 2], wherein the client system 
includes a key engine which is arranged generate keys [column 7, lines 43, "client 200 creates 
session key" and see also claim 2 1 " a client generated session key*] and 

The client system and the server system are arranged to cooperate [column 7, lines 53- 
55, "see the hand shake shown on figure 2, ref. Num "210* is successful and see also the 
cooperation of the client and the server shown on figure 2, ref. Num "206" - u 2 12"] to assess risk 
associated with the transaction. [It is inherently included that the client and the server 
assessed the risk of communication and whatever transaction is going to be made between 
them over the insecure network through the steps shown in figure 2] 
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13. As per claim 17 and 23 Shambroom discloses a computer-implemented method for 
handling a local transaction, the computer-implemented method comprising: receiving a local 
transaction from a source [column 7, lines 15-19, "the web server receiving a local transaction 
request from the a web browser from the client/ source"]; encrypting at least a portion of the 
local transaction into at least one local transaction key[column 7, lines 43, "clients creates 
session keys which is gradually used for encrypting message /transaction shown on column 7, 
lines 51-52]; producing at least one enhanced key using the at least one local transaction 
key;[column 7, lines 43-48](the encrypted session key/enhanced key is produced by local 
transaction key/ session key) determining when the at least one enhanced key is a new key; 
sending the at least one enhanced key to the source when it is determined that the at least one 
enhanced key is the new key [when the server receives the encrypted session key /the enhanced 
key/new key, the server determines to authenticate itself to the client and sends the underlying 
session key/ the new key to client with the message/transaction as described on column 7, 
lines 50-52]is a new key; and processing the local transaction with the at least one enhanced 
key using the source, [column 7, lines 53-55, "the session key/enhanced key/ is used for 
future transaction"] wherein processing the local transaction with the at least one enhanced 
key include applying a measure of transaction risk. [column 7, lines 53-55, before applying the 
enhanced key/ session key the handshake process indicated at the arrow 2 10 has to be 
successful meaning that the client and the server assessed the risk of communication and 
whatever transaction is going to be made between them over the insecure network] 

14. As per claim 8, t he claim limitation are interpreted in view of the embodiment 
shown/ presented in figure 2-4 by the applicant for the reason indicated above. And these 
features are similar to the claim 17. Thus, claim 8 is rejected by the same rational provided to 
the claim 17 above. 
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15. As per claim 6 & 18-22 [includes both claims designated as claim 221 Shambroom 

discloses a computing a system as applied to claims above. Furthermore Shambroom discloses 
the system wherein the client is arranged to send the keys generated by the key engine as a 
transaction to the server system. [Column 7, lines 43-48, "client 200 creates session key" and 
see also claim 2 1 " a client generated session key" and encrypt it and send it to the server] 

16. As per claim 7 Shambroom discloses a computing a system as applied to claims 
above. Furthermore Shambroom discloses the system further including a transaction engine, 
the transaction engine being arranged to facilitate communication between the server system 
and the client system, [figure 2-4] 



Claim Rejections - 35 USC §103 



17. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this tide, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 



18. 



Claims 2-5, 9-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over by 
anticipated by Shambroom (hereinafter refereed as Shambroom) (U.S. Patent No. 
5,923756) (Provided by the applicant and included in the applicant IDS 
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in view of Basch (hereinafter refereed as Basach) (International Publication No. WO 
98/54667 ) (Publication date: 12/03/1998) 

19. As per cla ims ^-5 r 9-10.13-16 Shambroom disposes a computing system (figure 1) for 
processing a transaction [Column 7, lines 53-55] ("encrypt future transactions"), the computing 
system (See figure 1) comprising: 

A server system, [Figure 1, ref. Num "300" and figure 3, ref. Num "305"] the server 
system being arranged to process information associated with the transaction[Column 7, lines 
53-55] (the server 300 continues to use the session key to encrypt future transactions"); and 

A client system(figure 1, ref. Num "200" and figure 3, ref. Num "205"], the client system 
being in communication with the server systemfSee figure 2], wherein the client system 
includes a key engine which is arranged generate keys [column 7, lines 43, "client 200 creates 
session key" and see also claim 2 1 * a client generated session key"] and 

The client system and the server system are arranged to cooperate [column 7, lines 53- 
55, "see the hand shake shown on figure 2, ref. Num "2 10" is successful and see also the 
cooperation of the client and the server shown on figure 2, ref. Num "206" -"2 12"] to assess risk 
associated with the transaction. [It is inherently included that the client and the server 
assessed the risk of communication and whatever transaction is going to be made between 
them over the insecure network through the steps shown in figure 2] 

Shambroom does not explicitly disclose 

• The server system includes: a profiling engine, the profiling engine being 
arranged to receive information associated with the transaction, the profiling engine further 
being arranged to generate features associated with keys associated with the transaction; a 
clustering engine, the clustering engine being in communication with the profiling engine, the 
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clustering engine being arranged to substantially cluster the features into secondary keys; and 
a replication engine, the replication engine being arranged to compare the keys to the 
secondary keys to identify differences between the keys and the secondary keys. 

However, in the same field of endeavor Basach , discloses 

The server system includes [figure 3b, "1 12*]: a profiling engine, the profiling engine 
being arranged to receive information associated with the transaction, the profiling engine 
further being arranged to generate features associated with keys associated with the 
transaction [figure 3b, 208; page 21, lines 15-18]; a clustering engine, the clustering engine 
being in communication with the profiling engine, the clustering engine being arranged to 
substantially cluster the features into secondary keys [figure 4, ref. "consolidated database*; 
page 21, lines 20-23]; and a replication engine, the replication engine being arranged to 
compare the keys to the secondary keys to identify differences between the keys and the 
secondary keys. [Page 21, lines 23-page 22, line 11; page 15, lines 13-20] 

It would have been obvious to one having ordinary skill in the art, at the time the invention was 
made, to combine the techniques of risk scoring using different components of the server as 
per teachings of Basach in to the method as taught by Shambroom in order to enhances the 
predicting of financial risk in the transaction. [See Basach, Abstract] 

20. As per claim 1 1 the combination of Shambroom and Basach discloses a computing 
a system as applied to claims above. Furthermore Basach further including saving the 
information associated with the transaction to a second database, [figure 4, "transaction 
Archive*] 

21. As per claim 12 the combination of Shambroom and Basach discloses a computing 
a system as applied to claims above. Furthermore Basach the system/ a computer implemented 
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method wherein the information is saved to the second database by a profiling engine. [figure 
3b/208] 



22. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure.(See PTO-Form 892). 

Any inquiry concerning this communication or earlier communications from the 
examine should be directed to Samson B Lemma whose telephone number is 571-272- 
3806. The examiner can normally be reached on Monday- Friday (8:00 am — 4: 30 pm). 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Conclusion 



08/06/2005 



SAMSON LEMMA 




GILBERTO BARRON 3^ 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



